Russia’s Telegram ban is just the start of the battle over online anonymity

The ban on the popular social network and messaging app heralds a new era of pressure on online privacy, including for western internet companies.

13 April: activists from Vesna ("Spring") movement in St Petersburg deliver paper airplanes, the symbol of the now banned Telegram app, to the city's Roskomnadzor office. (c) David Frenkel. All rights reserved. On Friday, the internet messenger Telegram was banned in Russia. The first chapter of this story, developing at its own pace since June 2017, ended in a blitzkrieg by Russia’s internet regulator in a Moscow court.

Over these eight months, Telegram has increased its user-base from six million to 15m users — catching up WhatsApp, Viber and Skype in terms of popularity in Russia. Indeed, in October 2017, Russia became the world leader in downloads with 12.5m, accounting for downloads across US, Germany, Italy, Spain and Ukraine all together.

Undoubtedly, one of the reasons for this surge in popularity was the company’s public refusal to give Russian security services access to its users’ correspondence. This became possible after the Russian internet regulator, after several weeks of active correspondence and public statements, included Telegram — against established procedure — on the so-called “Register of Organisers of Information Distribution”, i.e. social networks and other similar applications, in June 2017.

By that time, there were already 97 companies on this register, including Russia’s most popular internet services. For some reason, Facebook, WhatsApp, Google, Instagram, YouTube, Twitter, Skype and Viber were not included. Meanwhile, LinkedIn, the internet radio Zello, as well as Blackberry Messenger and the Imo and Line messengers were blocked for refusing to place themselves on the register and store Russian users’ personal data in domestic data centres.

Services on this register have to store all their users’ correspondence for six months, including transferred files, audio and text messages. Moreover, companies have to store users’ metadata for 12 months. This information has to be given to the police or the Federal Security Service (FSB) on request. There’s no legal requirement to receive court permission to access this information, which amounts to privacy of correspondence. And given that Russian courts approve 98% of wiretap requests, and internet companies are forbidden from revealing information about their cooperation with the security services, it’s unlikely that control by the courts would effectively defend against abuse of this system.

The whole saga of including Telegram on the official register and the incredibly vague demand to hand over encryption keys was meant to serve as a quasi-legal pretext for blocking the service

Another important nuance here is the fact that internet messengers are often encrypted — in contrast to telephone conversations, to which, as the European Court on Human Rights has established, the Russian security services can have direct and constant access. This is why Russia’s new legislation on digital surveillance obliges internet services using encryption to hand “information necessary to decrypt incoming and outgoing messages” to the FSB.

Telegram became the first internet company to receive a request (or at least publicly report it) to present access to users’ correspondence and encryption keys. This happened two weeks after Telegram was included on the “Register of Organisers of Information Distribution”.

I have serious doubts as to whether the FSB really believed they would receive the encryption keys from Telegram. First, the security services’ digital specialists have to understand that, given Telegram’s secret chats use end-to-end encryption generated (and regularly updated) on users’ devices, the service administrators simply do not have physical access to the encryption keys. Second, Pavel Durov, owner of Telegram, has already demonstrated his refusal to give the authorities of any state information about users. Durov was pushed out of the social network VKontakte in 2014 after he both refused to give the FSB information about administrators of pro-Ukrainian groups and made the security service’s requests public.

It’s possible to assume, then, that the whole saga of including Telegram on the official register and the incredibly vague demand to hand over encryption keys was meant to serve as a quasi-legal pretext for blocking the service.

Pavel Durov's September 2017 post on Telegram explains why he can't visit Iran and Russia. Source: Telegram. Two days after Vladimir Putin was re-elected in March 2018, Roskomnadzor sent a repeat request to Telegram to hand over the encryption keys. After Telegram refused, Roskomnadzor made a court request to block the service. The case was examined in record time.

Then, on 13 April, the court hearing on blocking a popular internet service, which has 15m users in Russia alone, took only 18 minutes. Telegram’s representatives didn’t have time to travel to the hearing, and were not allowed to familiarise themselves with Roskomnadzor’s suit. In court, Telegram’s request to appoint a hearing at a reasonable time and date, and to observe procedure, was called “abuse of the law”.

Despite the fact that Roskomnadzor’s director Alexander Zharov (recently included on the US Treasury sanction list) claimed on 9 April that there was no rush to block the service, Roskomnadzor requested that the court block Telegram as soon as possible— before the court decision came into force. This is unprecedented: Russia’s procedural legislation allows this to be done only in special cases where it is has been convincingly proven that a delay can cause significant harm or make the implementation of the decision impossible.

Several hours after the decision was made public, Roskomnadzor placed Telegram on its “blacklist”, although Zharov refused to state when the service would be blocked, citing the need for military secrecy. The law states that at least 24 hours should pass between the decision and blocking.

Most experts agree that it will be impossible to block the service completely, and that even in this case the Russian audience won’t be severely reduced. The experience of blocking the BitTorrent website RuTracker.org (despite the formal reduction in Russian users, the number of downloads has risen) and the professional network LinkedIn, which kept 70% of its Russian users, shows that users can successfully bypass internet blocks, and that the Russian state’s system of internet censorship (now in its sixth year) is far from comprehensive.

Members of the Russian parliament have already stated they are ready to “amend” legislation if it turns out that Roskomnadzor doesn’t have the right powers to block Telegram completely. While this is unlikely to help, it’s clear that global internet companies are going to start receiving similar requests. This war is only just beginning.

Damir Gainutdinov is a Candidate of Law, a co-founder of the Association of Internet Users and a legal analyst at the human-rights group, Agora. Since 2010, he has headed Agora's project on the defence of online freedom in Russia.

This article is published under a Creative Commons Attribution-NonCommercial 4.0 International licence.
If you have any queries about republishing please contact us.
Please check individual images for licensing details.

Recent comments

openDemocracy is an independent, non-profit global media outlet, covering world affairs, ideas and culture, which seeks to challenge power and encourage democratic debate across the world. We publish high-quality investigative reporting and analysis; we train and mentor journalists and wider civil society; we publish in Russian, Arabic, Spanish and Portuguese and English.